Google defines IP cloaking as being able to "...serve benign content to detection systems, but serve malicious content to normal web page visitors".

Like many security companies, Google monitors compromised web sites. In 2008 it discovered that those sites had stopped returning malicious results to its monitoring systems, but still served malware to other site visitors.

The malware authors had learned the IP addresses hosting the monitoring software, and so excluded them from their malware dissemination practice, thereby making their sites appear clean.

"In 2008, we discovered that some malware domains no longer returned malicious payloads to our system but still did so to users.

"As a result, we developed detection for cloaking. At the time of writing, IP cloaking contributes significantly to the overall number of malicious web sites found by our system."

The research also found that cyber criminals generally spend little time on any individual exploit, quickly switching focus to new vulnerabilities in order to stay ahead of detection by law enforcement and security specialists.

"Our analysis of which vulnerabilities are actively being exploited over time shows that adversaries quickly switch to new and more reliable exploits to help avoid detection," wrote Lucas Ballard and Niels Provos, of Google's Security Team in a blog.

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop.
Will your business be upgrading?

Popular Threads

There is a lot of attention being paid to how business leaders can use the mobile computing preferences of employees and customers to be more responsive, efficient and successful. This white paper runs through five security considerations for the mobile age.